In the context: Avast is conducting a thorough investigation into the UltimaSMS premium fraudulent campaign. This campaign consisted of apps that could be downloaded from the Google Play Store. Once installed, these apps will ask you for your information to sign up for a premium service, which can cost you $ 40 per month.
Avast investigation disclosed 151 applications are associated with the UltimaSMS campaign. The first was Ultima Keyboard 3D Pro, after which the campaign was named. You can check the full list of apps at GitHub Avast…
In total, users have downloaded fraudulent apps over 10.5 million times in over 80 countries, including the United States (170,000 downloads). Google has already blocked all 151 overlays from the Play Store, but has no way to remove them from the user’s device. Users of any of the listed applications should install them immediately.
Disguised as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera and game filters, these apps will check your phone location, IMEI and phone number to “determine which country code and language to use for fraud.”
After opening the app, users will be prompted to enter their phone number, and sometimes their email address, so that users can access the app’s advertising features. By providing their details, users will instead subscribe to premium SMS services, which cost up to $ 40 per month. If users try to access advertised app features, they will be offered more SMS subscriptions or the app will simply stop working.
Google has already run several Play Store cleanups in the past, removing apps infected with Windows malware and adware, and even harassing apps.
As Android malware becomes more prevalent, Google should be stricter on the apps that make up its platform. Unlike Apple, which is known for thoroughly testing all apps before uploading them to the App Store, Google’s app review process is faster, easier to navigate, and less complicated. In comparison, Apple can take up to a week before an app is deemed safe to use, whereas Google usually takes less than two days.
It may be time for Google to change its process by opting for a more robust and secure approach to ensure that its users are safe from these nefarious apps.